
"Evil twin" WiFi hotspots are being used to hack bank accounts - expert

At a seminar at the Dana Centre of the London Science Museum this evening (7 pm) security expert Dr Phil Nobles will warn WiFi hotspot users to take hackers seriously.

The threat that Nobles, from Cranfield University, worries about is simple. The hacker sets up a parallel hotspot near a public one, and disguises it as the public one. The trick is one that anybody with a WiFi-based PC could pull: give your PC the same SSID as the public one, and set up a duplicate login.

According to a BBC report, the risk isn't so much that someone will pick up your username and password for the hotspot. Rather, it's the risk that you might connect over the rogue AP to your bank, allowing the hacker to log your banking security details.

"London is one of the world's premier cities for wireless hot spots, with at least 1000 official sites, enabling those of us with wireless computers greater digital access," says the blurb for the seminar. "But these radio signals can be intercepted by others, including those with criminal intent. Your personal and financial information could be at risk. Do you have the right level of security? Whose responsibility is this security - ours, the computer manufacturer's or the wireless host's?"

In an interactive demonstration, Phil Nobles, wireless internet and cyber-crime expert from Cranfield University, and others, will highlight the vulnerabilities of wireless computing, how cyber-criminals can hack into your computer and the measures you as a computer user can take to protect yourself.

The warning comes highly endorsed, by no less a figure than a very eminent colleague of Phil Nobles: Professor Brian Collins, from the Royal Military College of Science, Cranfield University.

According to a report in the London Evening Standard newspaper, Collins - a former chief scientist at GCHQ, the Government's secret eavesdropping station - said: "Users need to be wary of using their WiFi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive personal nature, for fear of having disclosed this information to an unauthorised third party."